WO2018090818A1 - Version check method, apparatus and terminal device - Google Patents

Publication number
WO2018090818A1
Authority
WO
WIPO (PCT)
Prior art keywords
version
verification
information
version number
bit corresponding
Prior art date
Application number
PCT/CN2017/108532
Other languages
French (fr)
Chinese (zh)
Inventor
陈溪
许世峰
钱建英
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2018090818A1 publication Critical patent/WO2018090818A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Definitions

  • the present invention relates to the field of computers, and in particular, to a version verification method, apparatus, and terminal device.
  • System security is a set of hardware and software solutions to support secure boot and to ensure that the system runs in a trusted environment.
  • the system security solution based on the ARM architecture is usually a combination of Secure Boot and Trust Zone technologies.
  • SecureBoot is the basis of system security and is responsible for the initialization process of the entire security system. According to the credible integrity theory, the safe start of the system is the trusted root of the entire system security, and only the security of the system startup can ensure the security of other components of the system.
  • When the system is securely started, it authenticates signatures stage by stage, and each subsequent stage is booted only after authentication passes.
  • The digest signature and the code of the security version are stored off-chip (usually in Flash). The system is first started by the on-chip Boot; after the signature authentication of the off-chip startup code passes, execution switches to the off-chip startup code, which boots the subsequent startup program.
  • the off-chip security version has a security vulnerability
  • the embodiment of the invention provides a version verification method, device and terminal device, which can prevent an attacker from using a version with a security vulnerability to perform a security attack and improve system security.
  • the embodiment of the present invention is applicable to a scenario in which a software version is verified by security.
  • the software may be an operating system or an application on the system.
  • an embodiment of the present invention provides a version verification method, where the method includes:
  • the processor obtains the version information of the first version, where the version information includes the version number of the first version, where the version number is used to identify the first version;
  • the parity bit corresponding to the version number of the first version is determined according to the version number of the first version; if the parity bit corresponding to the version number of the first version is the first value, it is determined that the first version is disabled, and the first version verification fails. If the verification bit corresponding to the version number of the first version is the second value, it is determined that the first version is available, and the first version verification passes.
  • the first version is a target version of the system or application to be started by the processor
  • the second version is a target version of the system or application to be upgraded by the processor.
  • the version number of each version in the embodiment of the present invention has a corresponding check bit, and the bit is used to indicate whether the version is disabled or available.
  • the version can be security-verified.
  • a version that has not passed verification is unusable, which prevents an attacker from using a version with a security vulnerability for security attacks.
  • the method further includes:
  • the processor receives an indication that the second version is disabled, and the indication that the second version is disabled includes a version number of the second version; the parity bit corresponding to the version number of the second version is determined according to the version number of the second version; and the parity bit corresponding to the version number of the second version is set to the first value.
  • the verification bit information can be updated according to the version security information (bugList), and the bit corresponding to a version with a security vulnerability is set to disabled in time, thereby ensuring that the version with the security vulnerability cannot be used and preventing an attacker from using a version with a security vulnerability for security attacks.
  • the verification bits corresponding to the version numbers (including the first version number and the second version number) are stored in a first field of the electronic fuse (eFuse), each bit in the first field being used to indicate whether a version is disabled.
  • the first value of the parity bit is 1, and the second value of the parity bit is 0.
  • the first field may be an NV_BITMAP_E field in the eFuse.
  • When a bit in the NV_BITMAP_E field is 1, the version number corresponding to the bit is disabled. When a bit in the field is 0, the version number corresponding to the bit is available.
  • eFuse's one-time fusing feature can be utilized. If a version has a security hole, the corresponding bit of the version is set to 1, after which the system can no longer be rolled back to that version, thus ensuring the safety of starting or upgrading a version.
  • the verification bits corresponding to the version numbers (including the first version number and the second version number) are stored in the second field of the Flash, and each bit in the second field is used to indicate whether a version is disabled.
  • the first value of the parity bit is 1, and the second value of the parity bit is 0.
  • alternatively, the first value of the parity bit is 0, and the second value of the parity bit is 1.
  • the stored content needs to be protected by the secret key, and the verification bit is allowed to be updated only after the signature is authenticated.
  • the method further includes: performing signature verification on the version information of the first version; when the signature verification passes, the step of determining the parity bit corresponding to the version number of the first version according to the version number of the first version is performed. To prevent the version from being tampered with, a security check can be performed on the version at the time of startup or upgrade to improve security.
  • the embodiment of the present invention may be applied to verifying the version when the version is upgraded, and obtaining the version information of the first version includes: receiving the first version upgrade indication, and obtaining the version information of the first version according to the upgrade instruction; the method further includes: if the verification fails, the upgrade to the first version is not performed; if the verification is passed, the upgrade to the first version is performed.
  • receiving the first version upgrade indication may be: receiving an indication of upgrading the operating system version, or receiving an indication of upgrading the application version.
  • the embodiment of the present invention may be applied to verifying the version when the version is started, and obtaining the version information of the first version includes: receiving the startup instruction of the first version, and obtaining the version information of the first version according to the startup instruction; the method further includes: when the first version verification fails, the first version is not started; when the first version verification passes, the first version is started.
  • receiving the startup indication for starting the first version may be: receiving an indication to start an operating system version, or receiving an indication to start an application version.
  • an embodiment of the present invention provides a version verification apparatus, which specifically implements a function corresponding to the version verification method provided by the foregoing first aspect.
  • the functions may be implemented by hardware or by executing corresponding software programs through hardware.
  • the hardware and software include one or more unit modules corresponding to the functions described above, which may be software and/or hardware.
  • the device comprises:
  • a version information obtaining module configured to obtain version information of the first version, the version information includes a version number of the first version
  • a version verification module configured to determine, according to the version number of the first version, a check bit corresponding to the version number of the first version; if the check bit corresponding to the version number of the first version is the first value, it is determined that the first version is disabled, and the first version check fails; if the check bit corresponding to the version number of the first version is the second value, it is determined that the first version is available, and the first version check passes.
  • the apparatus further includes:
  • a receiving module configured to receive an indication that the second version is disabled, and a version number of the second version is included in the indication of disabling the second version
  • a parity bit updating module configured to determine, according to the version number of the second version, the check bit corresponding to the version number of the second version, and to set the check bit corresponding to the version number of the second version to the first value.
  • the verification bit corresponding to the version number of the first version is stored in the first field of the electronic fuse (eFuse), and each bit in the first field is used to indicate whether a version is disabled.
  • the first value of the parity bit is 1, and the second value of the parity bit is 0.
  • the verification bit corresponding to the version number of the first version is stored in the second field of the flash memory, and each bit in the second field is used to indicate whether a version is disabled.
  • the first value of the parity bit is 1, and the second value of the parity bit is 0.
  • alternatively, the first value of the parity bit is 0, and the second value of the parity bit is 1.
  • the apparatus further includes: a signature authentication module, configured to perform signature verification on the version information of the first version; when the signature authentication is passed, the version verification module performs the step of determining the parity bit corresponding to the version number of the first version according to the version number of the first version.
  • the version information obtaining module is configured to receive an upgrade indication, and obtain version information of the first version according to the upgrade indication.
  • the device further includes: an upgrade module, configured to not upgrade to the first version when the verification fails, and upgrade to the first version if the verification passes.
  • the version information acquiring module is configured to receive a startup indication for starting the first version, and obtain the version information of the first version according to the startup indication.
  • the device further includes: a security startup module, configured to not start the first version when the first version verification fails, and start the first version when the first version verification passes.
  • an embodiment of the present invention further provides a chip for executing program code to perform all or part of the steps of the version verification method of the first aspect.
  • the chip comprises an electronic fuse (eFuse), wherein the eFuse stores version check bits, and each bit is used to indicate whether a version is disabled.
  • the chip is a system level chip SOC.
  • an embodiment of the present invention further provides a terminal device, where the terminal device includes: a transceiver, a processor, and a memory connected to each other; the memory is configured to store the program code, and the processor calls the program code in the memory to execute All or part of the steps in the first aspect:
  • the version information includes a version number of the first version; determining a parity bit corresponding to the version number of the first version according to the version number of the first version; if the verification bit corresponding to the version number of the first version is the first value, it is determined that the first version is disabled, and the first version verification is not passed; if the verification bit corresponding to the version number of the first version is the second value, it is determined that the first version is available, and the first version verification is passed.
  • the embodiment of the present invention further provides a computer storage medium, where the medium stores an application program, and the program includes some or all of the steps in the version verification method of the first aspect.
  • the version number of each version has a corresponding check bit, and the bit is used to indicate whether the version is disabled or available.
  • the version number of the version is first obtained, and the parity bit corresponding to the version number is determined. If the parity bit corresponding to the version number of the version is the first value, it is determined that the version is disabled and the verification fails; if the verification bit corresponding to the version number of the version is the second value, it is determined that the version is available and the check is passed.
  • after a certain version is obtained, the version can be security-verified, and a version that has not passed verification cannot be used, thereby preventing an attacker from using a version with a security vulnerability for security attacks.
  • FIG. 1 is a schematic diagram of a signature verification process related to system security startup in an embodiment of the present invention
  • FIG. 2 is a flowchart of a version verification method according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of performing verification by using eFuse to store version verification information according to an embodiment of the present invention
  • FIG. 5 is a structural diagram of a function module of a version verification apparatus according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of hardware of a terminal device according to an embodiment of the present invention.
  • the version verification method in the embodiment of the present invention is applicable to various terminal devices with a central processing unit (CPU) and an application, including a computing device, an in-vehicle device, a wearable device, and various forms of User Equipment (UE), Mobile Station (MS), Terminal, Terminal Equipment, etc.
  • the embodiment of the present invention is applicable to a scenario in which software can be upgraded, and a software version of the software is verified in the terminal device with multiple software versions.
  • the software may be an operating system or an application on the system.
  • examples are version verification in scenarios such as system secure boot on the ARM architecture and secure startup of an application.
  • the embodiment of the invention is described by taking the system security startup as an example.
  • the version verification method in the embodiment of the present invention is described with reference to FIG. 1, and the execution body of the method is a processor (CPU).
  • the first version in the embodiment of the present invention is only a specific version, and the “first” is used to distinguish similar objects, and is not used to describe a specific order or order.
  • the processor receives the upgrade indication, and obtains version information of the version to be upgraded (the first version) according to the upgrade instruction.
  • the processor receives the startup instruction for starting the version, and then obtains the version information of the version to be started according to the startup instruction.
  • the version information includes the version number and the program startup code of the version.
  • After the version information of the first version is obtained, the version is security-checked to determine whether the version is a usable version.
  • the version number of each version has a corresponding check bit, and the check bit indicates whether the version is disabled or available.
  • When the verification bit corresponding to a version number is the first value, the version corresponding to the version number is disabled, and when the verification bit corresponding to the version number is the second value, the version corresponding to the version number is available.
  • the parity bit can be stored in an electronic fuse (eFuse) or in an off-chip memory (such as Flash). When stored in off-chip memory, it and its updates need to be protected by a key.
  • eFuse is an important non-volatile memory unit consisting of a fuse structure that can be programmed and stored on the chip by a fuse.
  • the eFuse module has a one-time blown feature: the default stored bits in eFuse are 0, and the required bits can be changed from 0 to 1 by programming. Once set, it cannot be changed to 0.
  • a first field is added to the eFuse of the SoC, and each bit in the field is used to indicate whether a version is available (i.e., whether it is disabled).
  • the first field may be an NV_BITMAP_E field.
  • the first value of the parity bit is 1 and the second value of the parity bit is 0; that is, when a certain bit in the first field in the eFuse is 1, the version corresponding to the bit has been disabled, and when a certain bit is 0, the version corresponding to the bit is available.
  • the version information of the system off-chip boot code version is stored in Flash: version 0 (Ver0).
  • the CPU stores an on-chip boot loader (Boot), and includes an eFuse module.
  • the bit 0 of the version 0 in the NV_BITMAP_E field of the eFuse module is 0, indicating that version 0 is available.
  • Bit 0 is 1 to indicate that version 0 (Ver0) is disabled; Bit 1 is 0 to indicate that version 1 (Ver1) is available; ... Bit 16 is 0 to indicate that version 16 (Ver16) is available.
  • the check bit corresponding to the version number of the first version is determined according to the version number of the first version, and whether the version is available is determined according to whether the bit corresponding to the version number is 0 or 1.
  • Alternatively, the parity bit is stored in the off-chip Flash: a second field is added in the Flash, and each bit in the field is used to indicate whether a version is available (that is, whether it is disabled).
  • the first value in the parity bit is 1, and the second value in the parity bit is 0; that is, in the first field in eFuse, when a certain bit is 1, it indicates that the version corresponding to the bit has been disabled, and when a certain bit is 0, it indicates that the version corresponding to the bit is available.
  • Alternatively, the value of the first value is 0, indicating that the version corresponding to the bit has been disabled, and the value of the second value is 1, indicating that the version corresponding to the bit is available.
  • the second field is signed with a private key. When the second field in the Flash needs to be read during secure-startup verification, or when the second field in the Flash needs to be updated, the public key is first used to authenticate the signature, and reading or updating the parity bit is allowed only if the signature authentication is passed.
  • The mapping relationship between the check bits in the Flash and the version number of the version of the off-chip boot code is the same as that in FIG. 2, and details are not described herein.
  • If the parity bit corresponding to the version number of the first version is the first value, it is determined that the first version is disabled, and the first version verification fails.
  • If the verification bit corresponding to the version number of the first version, looked up according to the version number of the first version in the first field of the eFuse or in the second field of the off-chip memory, is the first value, the version is not available, that is, it is disabled, and the first version verification does not pass.
  • If the first version fails verification when the first version is being started, it indicates that there is a security problem in the version, and the version is not allowed to be started.
  • If the first version fails verification when upgrading to the first version, it indicates that there is a security problem in the version, and upgrading to the version is not allowed.
  • If the parity bit corresponding to the version number of the first version is the second value, it is determined that the first version is available, and the first version verification passes.
  • If the verification bit corresponding to the version number of the first version, looked up according to the version number of the first version in the first field of the eFuse or in the second field of the off-chip memory, is the second value, it is known that the version is available, and the first version verification passes.
  • If the first version passes verification when the first version is being started, it indicates that there is no security problem in the version, and the version is allowed to be started.
  • If the first version passes verification when upgrading to the first version, it indicates that there is no security problem in the version, and upgrading to the version is allowed.
  • The following describes the process of setting the check bit of a version with a security problem.
  • the processor receives an indication that the second version is disabled, and the disable indication includes a version number of the second version; according to the version number, the processor determines the parity bit corresponding to the version number of the second version, which is originally the second value.
  • The processor sets the bit to the first value; for example, when the second value is 0 and the first value is 1, this bit is set from 0 to 1 to indicate that the second version is not available, that is, it has been disabled. Subsequent upgrades to that version are not allowed, and the version is not allowed to be started.
  • An application scenario is to upgrade to a new version when a vulnerability is found in a version.
  • the verification bit corresponding to the version number of the vulnerable version needs to be set to the first value, and the version to be upgraded to is subjected to the version verification in the embodiment shown in FIG. 1.
  • the version verification in the embodiment shown in FIG. 1 is not performed during the upgrade.
  • the version verification in the embodiment shown in FIG. 1 is performed on the version.
  • the Ver1 version has a security vulnerability and Ver1 is upgraded to Ver2. If the eFuse is used to store the parity bit, after the Ver2 upgrade is started, the NV_BITMAP_E is updated, and the bit corresponding to the unusable version Ver1 is set. Then the version of Ver1 with security vulnerabilities can no longer pass the version verification. Other versions of Ver0 and Ver2 without security vulnerabilities can still pass the version verification.
  • the version number of each version has a corresponding check bit, and the version disable and available information is indicated by the bit.
  • the verification bit corresponding to the version number is first determined according to the version number of the version. If the verification bit corresponding to the version number of the version is the first value, it is determined that the version is disabled. If the verification fails, the version is not allowed to be upgraded or started. If the verification bit corresponding to the version number of the version is the second value, it is determined that the version is available. If the verification is passed, the version is allowed to be upgraded or started.
  • after a certain version is obtained, the version can be security-verified, and a version that has not passed verification cannot be used, thereby preventing an attacker from using a version with a security vulnerability for security attacks.
  • the verification bit information can be updated according to the version security information (bugList), and the bit corresponding to a version with a security vulnerability is set to disabled in time, thereby ensuring that the version with the security vulnerability cannot be used and preventing an attacker from using a version with a security vulnerability for security attacks.
  • each version of the embodiment of the present invention corresponds to one parity bit.
  • Other versions before the disabled version can be used if they have no security vulnerability. If the current version cannot be started for some reason, the previous version can be started as a backup version. Therefore, the integrity of the solution can be improved.
  • the version information of the version needs to be signed and authenticated.
  • When the signature authentication is passed, the steps 102 to 104 in the embodiment shown in FIG. 1 are performed.
  • FIG. 1 is a schematic diagram of a signature verification process related to system security startup.
  • the schematic diagram shown in FIG. 1 uses an eFuse module to store keys and other security-related content.
  • The principle of signature authentication may be: using the RSA asymmetric encryption algorithm, with a mechanism of signing with a private key and authenticating the signature with a public key, to construct a chain of trust for secure startup.
  • the chip vendor randomly generates an asymmetric key pair, and burns the public key hash value and the private key index into Efuse.
  • the public key is written to the specified location of the Flash, and the device vendor uses a one-way hash function (a Hash function) to generate a message digest of the system startup code, and then encrypts the message digest using the Efuse private key, that is, digitally signs it.
  • the signed message digest is put together with the system startup code and written to the off-chip memory.
  • the off-chip memory is usually Flash, for example the Non-Volatile Random Access Memory (NVRAM) shown in FIG. 4.
  • the public-private key pair is generated internally by the chip, is invisible to the programming and verification process, and is not backed up.
  • the on-chip Boot ROM contains the minimum system initialization and signature authentication security check procedure.
  • A Hash value is generated for the public key in Flash and compared with the trusted public key root (Root Of Trust Public Key, ROTPK) in Efuse.
  • the trusted public key root is the SHA256 Hash value of the EK public key (N, e) used for secure boot, to ensure that the public key used for verifying the signature is uniquely specified. If this check passes, a Hash digest value is generated for the off-chip system startup code, and the original Hash digest value is recovered by authenticating the signature with the public key. By comparing the two digest values, it is known whether the system startup code has been tampered with and whether it is the expected, authorized code. After the signature authentication of the off-chip system startup code passes, execution switches to the off-chip system startup code, which boots the subsequent startup program.
  • the system startup code needs to be signed and authenticated. After the signature authentication is passed, it is confirmed that the system startup code has not been tampered with, and then the version verification in the embodiment shown in FIG. 1 is performed to determine whether this version of the system startup code is available; it is allowed to start only when the version is available. This makes it possible to ensure security at the start of the program.
  • the version verification apparatus in the embodiment of the present invention includes:
  • the version information obtaining module 501 is configured to obtain version information of the first version, where the version information includes a version number of the first version;
  • the version verification module 502 is configured to determine, according to the version number of the first version, a parity bit corresponding to the version number of the first version, and if the verification bit corresponding to the version number of the first version is the first value, determine the first A version is disabled, the first version check fails, and if the check bit corresponding to the version number of the first version is the second value, it is determined that the first version is available, and the first version is verified.
  • the apparatus further includes:
  • the receiving module 503 is configured to receive an indication that the second version is disabled, and the indication of disabling the second version includes a version number of the second version.
  • the check digit update module 504 is configured to determine, according to the version number of the second version, the parity bit corresponding to the version number of the second version, and to set the parity bit corresponding to the version number of the second version to the first value.
  • the verification bit corresponding to the version number is stored in a first field of the electronic fuse (eFuse), and each bit in the first field is used to indicate whether a version is disabled.
  • the verification bit corresponding to the version number is stored in a second field of the flash memory, and each bit in the second field is used to indicate whether a version is disabled.
  • the device further includes: a signature authentication module 505, configured to perform signature verification on the version information of the first version, and when the signature authentication is passed, the version verification module 502 executes the version number according to the first version. The step of determining the parity bit corresponding to the version number of the first version.
  • the version information obtaining module 501 is configured to receive an upgrade indication, and obtain version information of the first version according to the upgrade instruction.
  • the device further includes: an upgrade module 506, configured to not upgrade to the first version when the verification fails, and to upgrade to the first version when the verification passes.
  • the version information obtaining module 501 is configured to receive a startup indication for starting the first version, and obtain version information of the first version according to the startup indication.
  • the device further includes: a security startup module 507, configured to not start the first version when the first version fails verification, and to start the first version when the first version passes verification.
  • the functions implemented in the foregoing version verification method may be implemented by an application-specific integrated circuit (ASIC) or a programmable logic device (PLD).
  • the PLD may be a complex programmable logic device (CPLD), an FPGA, a generic array logic (GAL) device, or any combination thereof.
  • an embodiment of the present invention further provides a chip for executing program code to perform all or part of the steps of the foregoing version verification method embodiment.
  • the chip includes an electronic fuse (eFuse) in which version check bits are stored, each bit being used to indicate whether a version is disabled.
  • the embodiment of the present invention further provides a terminal device, which may exist in the form of a user equipment (for example, a mobile phone).
  • the terminal device may also include a handheld device, an in-vehicle device, a wearable device, a computing device, and various forms of user devices.
  • the handheld device can be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), and the like.
  • the terminal device in the embodiment of the present invention will be described below by taking a mobile phone as an example.
  • FIG. 6 is a block diagram showing a partial structure of a mobile phone related to a user equipment provided by an embodiment of the present invention.
  • the mobile phone includes: a radio frequency (RF) circuit 610, a memory 620, an input unit 630, a display unit 640, a sensor 650, an audio circuit 660, a wireless fidelity (WiFi) module 670, a processor 680, a power supply 690, and other components.
  • the radio frequency circuit 610 and the WiFi module 670 are transceivers. It will be understood by those skilled in the art that the structure of the handset shown in FIG. 6 does not constitute a limitation on the handset, which may include more or fewer components than those illustrated, combine some components, or arrange the components differently.
  • the memory 620 can be used to store software programs and modules, and the processor 680 executes various functional applications and data processing of the mobile phone by running software programs and modules stored in the memory 620.
  • the memory 620 can mainly include a storage program area and a storage data area, where the storage program area can store an operating system and the applications required for at least one function (such as a sound playback function or an image playback function), and the storage data area can store data created according to the use of the mobile phone (such as audio data or a phone book).
  • memory 620 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • when executed, the application stored in the memory 620 performs some or all of the steps in the methods corresponding to the foregoing FIG. 1 to FIG. 4.
  • the memory 620 stores information such as the version number information, the program startup code corresponding to the version, and the like.
  • the input unit 630 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function controls of the handset.
  • the input unit 630 may include a touch panel 631 and other input devices 632.
  • the touch panel 631, also referred to as a touch screen, can collect touch operations performed by the user on or near it (such as operations performed by the user with a finger, a stylus, or the like on or near the touch panel 631), and drive the corresponding connected device according to a preset program.
  • the touch panel 631 can include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch position of the user, detects the signal produced by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends the coordinates to the processor 680, and can receive commands from the processor 680 and execute them.
  • the touch panel 631 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 630 may also include other input devices 632.
  • other input devices 632 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • the display unit 640 can be used to display information input by the user or information provided to the user.
  • the display unit 640 can include a display panel 641.
  • the display panel 641 can be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like.
  • the touch panel 631 can cover the display panel 641. When the touch panel 631 detects a touch operation on or near it, it transmits the operation to the processor 680 to determine the type of the touch event, and the processor 680 then provides a corresponding visual output on the display panel 641 according to the type of the touch event.
  • although the touch panel 631 and the display panel 641 are used as two independent components to implement the input and output functions of the mobile phone, in some embodiments the touch panel 631 may be integrated with the display panel 641 to implement the input and output functions of the mobile phone.
  • the processor 680 is the control center of the handset. It connects the various parts of the entire handset using various interfaces and lines, and performs the various functions of the handset and processes data by running or executing the software programs and/or modules stored in the memory 620 and invoking the data stored in the memory 620, thereby monitoring the handset as a whole.
  • the processor 680 may include one or more processing units; preferably, the processor 680 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 680.
  • the processor 680 in the embodiment of the present invention is configured to execute an application in the memory 620 to perform some or all of the steps performed by the processor in the embodiment of FIG. 1 to FIG.
  • the mobile phone may further include at least one type of sensor 650 and a power source 690. Although not shown, the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein.
  • an embodiment of the present invention further provides a computer storage medium, where the medium stores an application program, and when executed, the program performs some or all of the steps in the above version verification method.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • in actual implementation there may be another division manner; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product that is stored in a storage medium and includes a number of instructions to cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the various embodiments of the present invention.
  • the foregoing storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and the like.

Abstract

A version check method, apparatus and terminal device, used for preventing an attacker from using versions having security vulnerabilities to carry out security attacks so as to improve system security. In the method, a version number of each version has a corresponding check bit, and forbidden information and available information of a version are indicated by means of the bits; when acquiring a first version, a check bit corresponding to a version number is first determined according to the version number of the version; if the check bit corresponding to the version number of the version is a first numerical value, the version is determined to be forbidden and the check has not passed; and if the check bit corresponding to the version number of the version is a second numerical value, then the version is determined to be available and the check has passed. By means of said method, a security check may be conducted on the versions, and versions which do not pass the check may not be used, thus an attacker may be prevented from using versions having security vulnerabilities to carry out security attacks.

Description

Version verification method, apparatus and terminal device
This application claims priority to Chinese Patent Application No. 201611005776.8, filed with the Chinese Patent Office on November 15, 2016 and entitled "Version verification method, apparatus and terminal device", which is incorporated herein by reference in its entirety.
Technical Field
The present invention relates to the field of computers, and in particular, to a version verification method, apparatus, and terminal device.
Background
System security is a complete set of hardware and software solutions that supports secure boot and ensures that the system runs in a trusted environment. System security solutions based on the ARM architecture usually combine Secure Boot and TrustZone technologies. Secure Boot is the foundation of system security and is responsible for the initialization process of the entire security system. According to trusted-integrity theory, secure boot of the system is the root of trust for the security of the entire system: only when the security of system startup is guaranteed can the security of the other components of the system be guaranteed.
During secure boot, the system authenticates signatures stage by stage and boots the subsequent stage only after authentication passes. The digest signature and code of the secure version are usually stored off-chip (usually in Flash). The system is first started by the on-chip boot code; after signature authentication of the off-chip startup code passes, the system switches to executing the off-chip startup code, which boots the subsequent startup programs.
If the off-chip secure version has a security vulnerability, it needs to be upgraded. Suppose the version with the security vulnerability is VerX and the upgraded version is VerY. VerX has a security vulnerability, and after the upgrade an attacker can still roll the version back to VerX and exploit the vulnerability in it to carry out a security attack, so a system security risk exists.
Summary of the Invention
Embodiments of the present invention provide a version verification method, apparatus, and terminal device that can prevent an attacker from using a version with a security vulnerability to carry out a security attack, improving system security.
The embodiments of the present invention are applicable to scenarios in which a software version is security-checked. The software may be an operating system or an application running on the system.
In a first aspect, an embodiment of the present invention provides a version verification method, where the method includes:
In a scenario where an operating system or application needs to be securely started or upgraded, the processor obtains version information of a first version, where the version information includes a version number of the first version and the version number is used to identify the first version; determines, according to the version number of the first version, the check bit corresponding to the version number of the first version; if the check bit corresponding to the version number of the first version is a first value, determines that the first version is disabled and that the first version fails verification; and if the check bit corresponding to the version number of the first version is a second value, determines that the first version is available and that the first version passes verification.
Optionally, the first version is a target version of the system or application to be started by the processor, or the second version is a target version of the system or application to be upgraded by the processor.
In the embodiments of the present invention, the version number of each version has a corresponding check bit, and the bit indicates whether the version is disabled or available. After a version is obtained, a security check can be performed on it, and a version that does not pass the check cannot be used, which prevents an attacker from using a version with a security vulnerability to carry out a security attack.
With reference to the first aspect, in a first possible implementation of the first aspect, the method further includes:
When it is confirmed that a version has a security vulnerability, the processor receives an indication to disable a second version, where the indication to disable the second version includes the version number of the second version; determines, according to the version number of the second version, the check bit corresponding to the version number of the second version; and sets the check bit corresponding to the version number of the second version to the first value.
Therefore, the check bit information can be updated according to the security information (bugList) of the versions, and the bit corresponding to a version with a security vulnerability is set to disabled in time, which ensures that a version with a security vulnerability cannot be used and prevents an attacker from using such a version to carry out a security attack.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the check bits corresponding to the version numbers (including the first version number and the second version number) are stored in a first field of an electronic fuse (eFuse), and each bit in the first field is used to indicate whether one version is disabled.
Optionally, the first value of the check bit is 1, and the second value of the second check bit is 0.
Optionally, the first field may be the NV_BITMAP_E field in the eFuse. When a bit in this field is 1, the version number corresponding to that bit has been disabled; when a bit in this field is 0, the version number corresponding to that bit is available.
In this way, the one-time blowing characteristic of the eFuse can be used: if a version has a security vulnerability, once the bit corresponding to that version has been blown to 1, it is no longer possible to roll back to that version, which ensures security when a version is started or upgraded.
With reference to the first aspect or the first possible implementation of the first aspect, in a third possible implementation of the first aspect, the check bits corresponding to the version numbers (including the first version number and the second version number) are stored in a second field of the flash memory (Flash), and each bit in the second field is used to indicate whether one version is disabled.
Optionally, in one possible implementation, the first value of the check bit is 1, and the second value of the second check bit is 0.
Optionally, in another possible implementation, the first value of the check bit is 0, and the second value of the second check bit is 1.
If this storage method is used, the stored content must be protected with a key, and the check bits may be updated only after signature authentication.
With reference to any possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the method further includes: performing signature authentication on the version information of the first version; and performing the step of determining, according to the version number of the first version, the check bit corresponding to the version number of the first version only when the signature authentication passes. This prevents the version from being tampered with, so that a security check can be performed on the version at startup or upgrade, improving security.
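The following C sketch is an added example, not code from the patent: it simulates the eFuse check-bit field, the disable operation, and the order "signature authentication first, check bit second" described above. The 64-bit field width, the mapping "version number N uses bit N", the fail-closed handling of out-of-range numbers, and the `signature_valid` flag standing in for real signature authentication are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the field holds 64 check bits and version number N maps to bit N.
 * The page names the field (NV_BITMAP_E) but gives neither width nor mapping. */
#define NV_BITMAP_BITS 64u

enum check_result {
    CHECK_PASS = 0,       /* check bit is the second value (0): version available */
    CHECK_DISABLED,       /* check bit is the first value (1): version disabled   */
    CHECK_BAD_SIGNATURE,  /* version info not authenticated: bit is never read    */
    CHECK_OUT_OF_RANGE    /* no check bit for this number: refuse (assumption)    */
};

/* Simulated eFuse field; real hardware is reached through a fuse controller. */
struct efuse_sim {
    uint8_t bits[NV_BITMAP_BITS / 8];
};

struct version_info {
    uint32_t version_number;
    bool signature_valid; /* stand-in for the result of signature authentication */
};

static bool efuse_read_bit(const struct efuse_sim *f, uint32_t idx)
{
    return (f->bits[idx / 8] >> (idx % 8)) & 1u;
}

/* Programming is one-way: a written image is ORed in, so a blown bit stays 1
 * even if the caller tries to write an older bitmap with that bit cleared. */
static void efuse_program_byte(struct efuse_sim *f, size_t byte, uint8_t value)
{
    f->bits[byte] |= value;
}

/* Disable a version: set its check bit to the first value (1). */
int version_disable(struct efuse_sim *f, uint32_t version_number)
{
    if (version_number >= NV_BITMAP_BITS)
        return -1;
    efuse_program_byte(f, version_number / 8,
                       (uint8_t)(1u << (version_number % 8)));
    return 0;
}

/* Version check used before start-up or upgrade. */
enum check_result version_check(const struct efuse_sim *f,
                                const struct version_info *v)
{
    if (!v->signature_valid)                 /* authenticate before trusting */
        return CHECK_BAD_SIGNATURE;          /* the claimed version number   */
    if (v->version_number >= NV_BITMAP_BITS)
        return CHECK_OUT_OF_RANGE;
    return efuse_read_bit(f, v->version_number) ? CHECK_DISABLED : CHECK_PASS;
}

/* Constructed scenario: VerX = 3 is disabled, then someone tries to restore
 * the old (all-zero) bitmap byte and boot VerX again. */
enum check_result rollback_demo(void)
{
    struct efuse_sim fuse = {{0}};
    struct version_info verx = {3, true};

    version_disable(&fuse, verx.version_number);
    efuse_program_byte(&fuse, 0, 0x00);      /* attempted bitmap rollback */
    return version_check(&fuse, &verx);
}

int main(void)
{
    printf("VerX after disable and attempted bitmap rollback: %s\n",
           rollback_demo() == CHECK_DISABLED ? "disabled" : "allowed");
    return 0;
}
```

With Flash storage the program operation would be an ordinary overwrite, which is why the text above requires key protection and signature authentication before the check bits are updated.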
With reference to any possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the embodiment of the present invention may be applied to verifying a version during a version upgrade. During verification, obtaining the version information of the first version includes: receiving an upgrade indication for the first version, and obtaining the version information of the first version according to the upgrade indication. The method further includes: if the verification fails, not upgrading to the first version; if the verification passes, upgrading to the first version.
Optionally, receiving the upgrade indication for the first version may be: receiving an indication to upgrade an operating system version, or receiving an indication to upgrade an application version.
With reference to any possible implementation of the first aspect, in a sixth possible implementation of the first aspect, the embodiment of the present invention may be applied to verifying a version during a version upgrade. During verification, obtaining the version information of the first version includes: receiving a startup indication for starting the first version, and obtaining the version information of the first version according to the startup indication. The method further includes: when the first version fails verification, not starting the first version; when the first version passes verification, starting the first version.
Optionally, receiving the startup indication for starting the first version may be: receiving an indication to start an operating system version, or receiving an indication to start an application version.
In a second aspect, an embodiment of the present invention provides a version verification apparatus that implements the functions corresponding to the version verification method provided by the first aspect. The functions may be implemented by hardware, or by hardware executing corresponding software programs. The hardware and software include one or more unit modules corresponding to the above functions, and the unit modules may be software and/or hardware.
In one possible design, the apparatus includes:
a version information obtaining module, configured to obtain version information of a first version, where the version information includes a version number of the first version; and a version verification module, configured to determine, according to the version number of the first version, the check bit corresponding to the version number of the first version; if the check bit corresponding to the version number of the first version is a first value, determine that the first version is disabled and that the first version fails verification; and if the check bit corresponding to the version number of the first version is a second value, determine that the first version is available and that the first version passes verification.
With reference to the second aspect, in a first possible implementation of the second aspect, the apparatus further includes:
a receiving module, configured to receive an indication to disable a second version, where the indication to disable the second version includes the version number of the second version; and a check bit update module, configured to determine, according to the version number of the second version, the check bit corresponding to the version number of the second version, and to set the check bit corresponding to the version number of the second version to the first value.
With reference to any possible implementation of the second aspect, in a second possible implementation of the second aspect, the check bit corresponding to the version number of the first version is stored in a first field of an electronic fuse (eFuse), and each bit in the first field is used to indicate whether one version is disabled.
Optionally, the first value of the check bit is 1, and the second value of the second check bit is 0.
With reference to any possible implementation of the second aspect, in a third possible implementation of the second aspect, the check bit corresponding to the version number of the first version is stored in a second field of the flash memory (Flash), and each bit in the second field is used to indicate whether one version is disabled.
Optionally, in one possible implementation, the first value of the check bit is 1, and the second value of the second check bit is 0.
Optionally, in another possible implementation, the first value of the check bit is 0, and the second value of the second check bit is 1.
With reference to any possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the apparatus further includes: a signature authentication module, configured to perform signature authentication on the version information of the first version; when the signature authentication passes, the version verification module performs the step of determining, according to the version number of the first version, the check bit corresponding to the version number of the first version.
With reference to any possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the version information obtaining module is specifically configured to receive an upgrade indication and obtain the version information of the first version according to the upgrade indication; the apparatus further includes: an upgrade module, configured to not upgrade to the first version when the verification fails, and to upgrade to the first version when the verification passes.
With reference to any possible implementation of the second aspect, in a second possible implementation of the second aspect, the version information obtaining module is specifically configured to receive a startup indication for starting the first version and obtain the version information of the first version according to the startup indication; the apparatus further includes: a secure startup module, configured to not start the first version when the first version fails verification, and to start the first version when the first version passes verification.
In a third aspect, an embodiment of the present invention further provides a chip, where the chip is configured to execute program code to perform all or part of the steps of the version verification method of the first aspect.
Optionally, the chip includes an electronic fuse (eFuse), where version check bits are stored in the eFuse and each bit is used to indicate whether one version is disabled.
Optionally, the chip is a system-on-chip (SOC).
In a fourth aspect, an embodiment of the present invention further provides a terminal device, where the terminal device includes a transceiver, a processor, and a memory that are connected to each other; the memory is configured to store program code, and the processor invokes the program code in the memory to perform all or part of the steps of the first aspect:
obtaining version information of a first version, where the version information includes a version number of the first version; determining, according to the version number of the first version, the check bit corresponding to the version number of the first version; if the check bit corresponding to the version number of the first version is a first value, determining that the first version is disabled and that the first version fails verification; and if the check bit corresponding to the version number of the first version is a second value, determining that the first version is available and that the first version passes verification.
In a fifth aspect, an embodiment of the present invention further provides a computer storage medium, where the medium stores an application program, and when executed, the program performs some or all of the steps in the version verification method of the first aspect.
It can be seen from the above technical solutions that the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, the version number of each version has a corresponding check bit, and the bit indicates whether the version is disabled or available. When a version (the first version) is obtained, the check bit corresponding to its version number is first determined according to the version number; if the check bit corresponding to the version number of the version is the first value, the version is determined to be disabled and fails verification; if the check bit corresponding to the version number of the version is the second value, the version is determined to be available and passes verification. With the embodiments of the present invention, after a version is obtained, a security check can be performed on it, and a version that does not pass the check cannot be used, which prevents an attacker from using a version with a security vulnerability to carry out a security attack.
Description of drawings
FIG. 1 is a schematic diagram of the signature verification process related to secure system boot in an embodiment of the present invention;
FIG. 2 is a flowchart of a version check method in an embodiment of the present invention;
FIG. 3 is a schematic diagram of performing the check using version check information stored in eFuse in an embodiment of the present invention;
FIG. 4 is another flowchart of the version check method in an embodiment of the present invention;
FIG. 5 is a structural diagram of the functional modules of a version check apparatus in an embodiment of the present invention;
FIG. 6 is a schematic diagram of the hardware structure of a terminal device in an embodiment of the present invention.
Detailed description
To make the technical solutions and beneficial effects of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it.
In addition, the version check method in the embodiments of the present invention is applicable to various terminal devices that have a processor (Central Processing Unit, CPU) and application programs, including computing devices, in-vehicle devices, wearable devices, and various forms of user equipment (User Equipment, UE), mobile stations (Mobile Station, MS), terminals, terminal equipment (Terminal Equipment), and so on.
The embodiments of the present invention apply to scenarios in which the version of software is security-checked on the above terminal devices, where the software can be upgraded and multiple software versions exist. The software may be an operating system or an application program running on the system; examples include the version check for secure system boot on the ARM architecture and for secure startup of an application program. The embodiments of the present invention are described using secure system boot as an example.
The version check method in the embodiments of the present invention is described with reference to FIG. 1. The method is executed by a processor (CPU).
101. Obtain version information of a first version, where the version information includes the version number of the first version.
A version can be obtained in a number of scenarios and ways: when the system version needs to be upgraded, the version to be upgraded to must be obtained; when the system is booted, the version to be started must be obtained; and when a new version is installed, the version to be installed is obtained.
The first version in the embodiments of the present invention simply refers to a particular version; "first" is used to distinguish between similar objects and not to describe a specific order or sequence.
During a version upgrade, the processor receives an upgrade instruction and, according to the upgrade instruction, obtains the version information of the version to be upgraded to (the first version).
Alternatively, when a version (that is, the first version) is securely booted at power-on or securely started after an upgrade, the processor receives a start instruction for starting that version and then, according to the start instruction, obtains the version information of the version to be started, where the version information includes the version number, the program boot code of the version, and other information.
102. Determine, according to the version number of the first version, the check bit corresponding to the version number of the first version.
After the version information of the first version is obtained, a security check is performed on the version to determine whether it is an available version.
The version number of each version has a corresponding check bit, and the check bit indicates whether the version is disabled or available.
When the check bit corresponding to a version number is the first value, it indicates that the version corresponding to that version number is disabled; when the check bit corresponding to a version number is the second value, it indicates that the version corresponding to that version number is available.
The check bits may be stored in an electronic fuse (eFuse) or in off-chip memory (for example, Flash). When they are stored in off-chip memory, they must be protected by a key, and an update is allowed only after signature authentication.
1. Stored in eFuse
In a System-on-a-Chip (SoC), eFuse is an important non-volatile storage unit built from fuse structures; information can be programmed and stored on the chip through the fuses. The eFuse module is one-time programmable: every bit stored in eFuse is 0 by default, a required bit can be changed from 0 to 1 by programming, and once a bit has been set to 1 it cannot be changed back to 0. Taking advantage of this one-time-blow property, a first field is added to the eFuse of the SoC, and each bit in this field indicates whether one version is available (that is, whether it is disabled).
Optionally, the first field may be the NV_BITMAP_E field.
In eFuse, the first value of the check bit is 1 and the second value is 0. That is, when a bit in the first field of the eFuse is 1, the version corresponding to that bit has been disabled; when a bit is 0, the version corresponding to that bit is available.
As shown in FIG. 2, Flash stores the version information of the system's off-chip boot code version: version 0 (Ver0). The CPU stores the on-chip bootloader (Boot) and also contains an eFuse module. In the NV_BITMAP_E field of the eFuse module, the bit corresponding to version 0, Bit0, is 0, which indicates that version 0 is available.
Assume that the off-chip boot code has 16 versions and the NV_BITMAP_E field has 32 bits. Bits 0 to 15 then indicate whether version 0 to version 15, respectively, are available, and the correspondence between bits and version numbers can be as shown in FIG. 3. Bit 0 is 1, indicating that version 0 (Ver0) is disabled; Bit 1 is 0, indicating that version 1 (Ver1) is available; ... Bit 16 is 0, indicating that version 16 (Ver16) is available.
During the version security check, the check bit corresponding to the version number of the first version is determined according to that version number, and whether that version number is available is determined by whether the corresponding bit is 0 or 1.
2. Stored in off-chip memory
Taking Flash as an example of off-chip memory, the check bits are stored in off-chip Flash. A second field is added to the Flash, and each bit in this field indicates whether one version is available (that is, whether it is disabled).
Optionally, in Flash, the first value of the check bit is 1 and the second value is 0. That is, when a bit in the first field in the eFuse is 1, the version corresponding to that bit has been disabled; when a bit is 0, the version corresponding to that bit is available.
Optionally, in Flash, the first value may instead be 0, indicating that the version corresponding to the bit has been disabled, and the second value 1, indicating that the version corresponding to the bit is available.
Further, to ensure security, the second field is signed with a private key. When the second field in Flash needs to be read for the check during secure boot, or when the second field in Flash needs to be updated, the signature is first authenticated with the public key, and reading or updating the check bits is allowed only if signature authentication passes.
The mapping between the check bits in Flash and the version numbers of the off-chip boot code versions is the same as in FIG. 2 and is not described again here.
103. If the check bit corresponding to the version number of the first version is the first value, determine that the first version is disabled and that the check of the first version fails.
When, according to the version number of the first version, the check bit corresponding to that version number among the check bits in the first field of the eFuse or the second field of the off-chip memory is determined to be the first value, the version is known to be unavailable, that is, disabled, and the check of the first version fails.
If the check of the first version fails when the first version is being started, the version has a security problem and starting it is not allowed.
If the check of the first version fails when upgrading to the first version, the version has a security problem and upgrading to it is not allowed.
104. If the check bit corresponding to the version number of the first version is the second value, determine that the first version is available and that the check of the first version passes.
When, according to the version number of the first version, the check bit corresponding to that version number among the check bits in the first field of the eFuse or the second field of the off-chip memory is determined to be the second value, the version is known to be available, and the check of the first version passes.
If the check of the first version passes when the first version is being started, the version has no security problem and starting it is allowed.
If the check of the first version passes when upgrading to the first version, the version has no security problem and upgrading to it is allowed.
The following describes the process of setting the check bit for a version that has a security problem.
When a version (a second version) has a security vulnerability, the processor receives an instruction to disable the second version, and the disable instruction includes the version number of the second version. The processor determines, according to the version number, which bit is the check bit corresponding to the version number of the second version. That bit originally holds the second value and is now set to the first value; for example, when the second value is 0 and the first value is 1, the bit is set from 0 to 1. This indicates that the second version is unavailable, that is, disabled, and that upgrading to or starting that version is no longer allowed.
One application scenario is upgrading to a new version when a version is found to have a vulnerability. In this case, during the upgrade, the check bit corresponding to the version number of the vulnerable version must be set to the first value, and the version check of the embodiment shown in FIG. 1 must also be performed on the version to be upgraded to. Optionally, the version check of the embodiment shown in FIG. 1 may be skipped during the upgrade and performed on the version when it is started after the upgrade is complete.
For example, version Ver1 has a security vulnerability, and Ver1 is upgraded to Ver2. If the check bits are stored in eFuse, NV_BITMAP_E is updated after Ver2 has been upgraded and started, setting the bit corresponding to the unusable version Ver1. From then on the vulnerable version Ver1 can never pass the version check, while the other versions without security vulnerabilities, Ver0 and Ver2, can still pass it.
In the embodiments of the present invention, the version number of each version has a corresponding check bit, and the bit indicates whether the version is disabled or available. When a version is obtained, the check bit corresponding to its version number is first determined according to that version number. If the check bit corresponding to the version number of the version is the first value, it is determined that the version is disabled, the check fails, and the version is not allowed to be upgraded to or started; if the check bit corresponding to the version number of the version is the second value, it is determined that the version is available, the check passes, and the version is allowed to be upgraded to or started. With the embodiments of the present invention, after a version is obtained, a security check can be performed on it, and a version that does not pass the check cannot be used, which prevents an attacker from using a version that has a security vulnerability to mount an attack.
In addition, the check bit information can be updated according to the security information of the versions (bugList), so that the bit corresponding to a version with a security vulnerability is set to disabled in time. This ensures that a version with a security vulnerability cannot be used and prevents an attacker from using it to mount an attack.
On the other hand, in the embodiments of the present invention each version corresponds to one check bit, so versions earlier than a disabled version can still be used if they have no security vulnerability. If the current version cannot start for some reason, one of the earlier versions can be started as a backup version. This improves the completeness of the solution.
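The check of steps 102 to 104, the disable step and the backup-version fallback described above, as an added C example that is not code from the patent. The eFuse is simulated by a struct; the function names, the fail-closed handling of version numbers that have no check bit, and the candidate list are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Width of the check-bit field: 32 bits, as in the text's NV_BITMAP_E example. */
#define NV_BITMAP_BITS 32u

/* Software stand-in for the eFuse field (assumption: real fuses are blown
 * through an SoC-specific controller, not by writing a variable). */
typedef struct {
    uint32_t nv_bitmap_e; /* bit n == 1: version n disabled; 0: available */
} efuse_sim_t;

typedef enum {
    VER_CHECK_PASS = 0,     /* check bit holds the second value (0) */
    VER_CHECK_DISABLED,     /* check bit holds the first value (1)  */
    VER_CHECK_OUT_OF_RANGE  /* no check bit exists for this version */
} ver_check_t;

/* Fuse programming can only turn a 0 into a 1, so the write is an OR.
 * No function clears bits: that is the one-time-blow property. */
void efuse_program(efuse_sim_t *fuse, uint32_t bits_to_blow)
{
    fuse->nv_bitmap_e |= bits_to_blow;
}

/* Steps 102-104: map the version number to its bit and read it. */
ver_check_t version_check(const efuse_sim_t *fuse, uint32_t version)
{
    if (version >= NV_BITMAP_BITS)
        return VER_CHECK_OUT_OF_RANGE; /* assumption: treated as a failure */
    return ((fuse->nv_bitmap_e >> version) & 1u) ? VER_CHECK_DISABLED
                                                 : VER_CHECK_PASS;
}

/* Only a passing check lets a version be started or upgraded to. */
bool version_allowed(const efuse_sim_t *fuse, uint32_t version)
{
    return version_check(fuse, version) == VER_CHECK_PASS;
}

/* Handle a "disable version" instruction: blow the version's bit and
 * read it back to confirm that the version is now rejected. */
bool version_disable(efuse_sim_t *fuse, uint32_t version)
{
    if (version >= NV_BITMAP_BITS)
        return false;
    efuse_program(fuse, (uint32_t)1u << version);
    return version_check(fuse, version) == VER_CHECK_DISABLED;
}

/* Backup-version fallback: return the first candidate (in preference
 * order) that passes the check, or -1 if none may be started. */
int select_boot_version(const efuse_sim_t *fuse,
                        const uint32_t *candidates, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if (version_allowed(fuse, candidates[i]))
            return (int)candidates[i];
    return -1;
}

int main(void)
{
    efuse_sim_t fuse = { 0 };                  /* all versions available */
    const uint32_t installed[] = { 1, 2, 0 };  /* constructed sample list */

    version_disable(&fuse, 1);  /* Ver1 found vulnerable after moving to Ver2 */
    efuse_program(&fuse, 0);    /* a later write cannot bring Ver1 back */

    for (uint32_t v = 0; v < 3; v++)
        printf("Ver%u: %s\n", (unsigned)v,
               version_allowed(&fuse, v) ? "pass" : "rejected");
    printf("boot choice: Ver%d\n", select_boot_version(&fuse, installed, 3));
    return 0;
}
```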
Further, in practice, when a version is obtained, signature authentication must first be performed on the version information of that version, and steps 102 to 104 of the embodiment shown in FIG. 1 are performed only when signature authentication passes.
The signature authentication process is described below with reference to FIG. 4.
When the system boot code (the boot code corresponding to a particular version of the system, System Code) is started, a signature security check must be performed first to ensure that the system boot code has not been tampered with. FIG. 1 is a schematic diagram of the signature verification process related to secure system boot; in the diagram shown in FIG. 1, an eFuse module stores keys and other security-related content.
The principle of signature authentication can be as follows: a signature authentication mechanism based on the RSA asymmetric encryption algorithm, with signing by the private key and authentication by the public key, is used to build the chain of trust for secure boot.
The chip vendor randomly generates an asymmetric key pair, burns the hash value of the public key and the private key exponent into the eFuse, and writes the public key to a specified location in Flash. The device vendor uses a one-way hash (Hash) function to generate a message digest of the system boot code and then encrypts the message digest with the eFuse private key, which is the digital signature. The signed message digest is placed together with the system boot code and written to off-chip memory. The off-chip memory is usually Flash; for example, FIG. 4 shows non-volatile random access memory (Non-Volatile Random Access Memory, NVRAM). The public/private key pair is generated inside the chip, the burning and verification process is not visible, and the pair is not backed up.
During secure boot, the system is started by the on-chip Boot. The on-chip Boot ROM contains minimal system initialization and the signature authentication security check program. It first generates a hash value of the public key in Flash and compares it with the Root Of Trust Public Key (ROTPK) in the eFuse; the ROTPK is the SHA256 hash value of the EK public key (N, e) used for secure boot, which guarantees that the public key used to verify signatures is the uniquely designated one. If the comparison passes, a hash digest value is generated over the off-chip system boot code, and the signature is authenticated with the public key to recover the original hash digest value. Comparing these two digest values reveals whether the system boot code has been tampered with and whether it is the expected authorized code. After the signature authentication check of the off-chip system boot code passes, execution switches to the off-chip system boot code, which boots the subsequent startup programs.
Therefore, when the system performs a secure boot, signature authentication must first be performed on the system boot code. After signature authentication passes and it is confirmed that the system boot code has not been tampered with, the version check of the embodiment shown in FIG. 1 is performed to determine whether this version of the system boot code is an available version, and the version is allowed to start only if it is. This ensures security at program startup.
The above describes the version check method in the embodiments of the present invention. The version check apparatus in the embodiments of the present invention is described below.
With reference to FIG. 5, the version check apparatus in the embodiments of the present invention includes:
a version information obtaining module 501, configured to obtain version information of a first version, where the version information includes the version number of the first version;
a version check module 502, configured to determine, according to the version number of the first version, the check bit corresponding to the version number of the first version; if the check bit corresponding to the version number of the first version is the first value, determine that the first version is disabled and that the check of the first version fails; and if the check bit corresponding to the version number of the first version is the second value, determine that the first version is available and that the check of the first version passes.
In some specific implementations, the apparatus further includes:
a receiving module 503, configured to receive an instruction to disable a second version, where the instruction to disable the second version includes the version number of the second version; and a check bit update module 504, configured to determine, according to the version number of the second version, the check bit corresponding to the version number of the second version, and set the check bit corresponding to the version number of the second version to the first value.
In some specific implementations, the check bit corresponding to the version number is stored in a first field of an electronic fuse (eFuse), and each bit in the first field indicates whether one version is disabled.
In some specific implementations, the check bit corresponding to the version number is stored in a second field of flash memory (Flash), and each bit in the second field indicates whether one version is disabled.
In some specific implementations, the apparatus further includes a signature authentication module 505, configured to perform signature authentication on the version information of the first version; when signature authentication passes, the version check module 502 performs the step of determining, according to the version number of the first version, the check bit corresponding to the version number of the first version.
In some specific implementations, the version information obtaining module 501 is specifically configured to receive an upgrade instruction and obtain the version information of the first version according to the upgrade instruction. The apparatus further includes an upgrade module 506, configured to not upgrade to the first version when the check fails, and to upgrade to the first version when the check passes.
In some specific implementations, the version information obtaining module 501 is specifically configured to receive a start instruction for starting the first version and obtain the version information of the first version according to the start instruction. The apparatus further includes a secure boot module 507, configured to not start the first version when the check of the first version fails, and to start the first version when the check of the first version passes.
For the information exchange between the modules of the above version check apparatus, refer to the description in the version check method embodiments above (the embodiments corresponding to FIG. 1 to FIG. 4); it is not repeated here.
Optionally, the functions implemented in the above version check method may be implemented by an application-specific integrated circuit (ASIC) or by a programmable logic device (PLD). The PLD may be a complex programmable logic device (CPLD), an FPGA, generic array logic (GAL), or any combination thereof.
In addition, an embodiment of the present invention further provides a chip, which is configured to execute program code so as to perform all or some of the steps of the above version check method embodiments.
The chip includes an electronic fuse (eFuse). The eFuse stores version check bits, and each bit indicates whether one version is disabled.
In addition, an embodiment of the present invention further provides a terminal device, which may take the form of a user equipment (for example, a mobile phone). The terminal device may also include handheld devices, in-vehicle devices, wearable devices, computing devices, and various forms of user equipment. A handheld device may be any terminal device, including a mobile phone, a tablet computer, or a PDA (Personal Digital Assistant).
The terminal device in the embodiments of the present invention is described below using a mobile phone as an example.
FIG. 6 shows a block diagram of part of the structure of a mobile phone related to the user equipment provided by an embodiment of the present invention. Referring to FIG. 6, the mobile phone includes components such as a radio frequency (RF) circuit 610, a memory 620, an input unit 630, a display unit 640, a sensor 650, an audio circuit 660, a wireless fidelity (WiFi) module 670, a processor 680, and a power supply 690. The radio frequency circuit 610 and the WiFi module 670 are transceivers. A person skilled in the art will understand that the mobile phone structure shown in FIG. 6 does not limit the mobile phone, which may include more or fewer components than shown, combine some components, or arrange the components differently.
The components of the mobile phone are described in detail below with reference to FIG. 6:
The memory 620 can be used to store software programs and modules. The processor 680 performs the various functional applications and data processing of the mobile phone by running the software programs and modules stored in the memory 620. The memory 620 may mainly include a program storage area and a data storage area: the program storage area can store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function), and the data storage area can store data created through use of the mobile phone (such as audio data or a phone book). In addition, the memory 620 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
Specifically, the application program stored in the memory 620, when executed, performs some or all of the steps of the methods corresponding to FIG. 1 to FIG. 4 above. The memory 620 stores information such as the version number information and the program boot code corresponding to the version.
The input unit 630 can be used to receive entered digit or character information and to generate key signal input related to user settings and function control of the mobile phone. Specifically, the input unit 630 may include a touch panel 631 and other input devices 632. The touch panel 631, also called a touchscreen, can collect touch operations by the user on or near it (such as operations performed by the user on or near the touch panel 631 with a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connected apparatus according to a preset program. Optionally, the touch panel 631 may include two parts: a touch detection apparatus and a touch controller. The touch detection apparatus detects the position of the user's touch, detects the signal produced by the touch operation, and passes the signal to the touch controller. The touch controller receives the touch information from the touch detection apparatus, converts it into contact coordinates, sends these to the processor 680, and can receive and execute commands sent by the processor 680. In addition, the touch panel 631 may be implemented in several types, such as resistive, capacitive, infrared, and surface acoustic wave. Besides the touch panel 631, the input unit 630 may also include other input devices 632. Specifically, the other input devices 632 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse, and a joystick.
显示单元640可用于显示由用户输入的信息或提供给用户的信息。显示单元640可包括显示面板641,可选的,可以采用液晶显示器(Liquid Crystal Display,LCD)、有机发光二极管(Organic Light-Emitting Diode,OLED)等形式来配置显示面板641。进一步的,触控面板631可覆盖显示面板641,当触控面板631检测到在其上或附近的触摸操作后,传送给处理器680以确定触摸事件的类型,随后处理器680根据触摸事件的类型在显示面板641上提供相应的视觉输出。虽然在图6中,触控面板631与显示面板641是作为两个独立的部件来实现手机的输入和输入功能,但是在某些实施例中,可以将触控面板631与显示面板641集成而实现手机的输入和输出功能。The display unit 640 can be used to display information input by the user or information provided to the user. The display unit 640 can include a display panel 641. Alternatively, the display panel 641 can be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like. Further, the touch panel 631 can cover the display panel 641. When the touch panel 631 detects a touch operation on or near it, the touch panel 631 transmits to the processor 680 to determine the type of the touch event, and then the processor 680 according to the touch event. The type provides a corresponding visual output on display panel 641. Although in FIG. 6, the touch panel 631 and the display panel 641 are two independent components to implement the input and input functions of the mobile phone, in some embodiments, the touch panel 631 may be integrated with the display panel 641. Realize the input and output functions of the phone.
处理器680是手机的控制中心,利用各种接口和线路连接整个手机的各个部分,通过运行或执行存储在存储器620内的软件程序和/或模块,以及调用存储在存储器620内的数据,执行手机的各种功能和处理数据,从而对手机进行整体监控。可选的,处理器680可包括一个或多个处理单元;优选的,处理器680可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器680中。The processor 680 is the control center of the handset, and connects various portions of the entire handset using various interfaces and lines, by executing or executing software programs and/or modules stored in the memory 620, and invoking data stored in the memory 620, executing The phone's various functions and processing data, so that the overall monitoring of the phone. Optionally, the processor 680 may include one or more processing units; preferably, the processor 680 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like. The modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 680.
具体的,本发明实施例中的处理器680用于执行存储器620中的应用程序,以执行图1到图4中的实施例中的处理器所执行的部分或者全部步骤。Specifically, the processor 680 in the embodiment of the present invention is configured to execute an application in the memory 620 to perform some or all of the steps performed by the processor in the embodiment of FIG. 1 to FIG.
手机还可包括至少一种传感器650、电源690,尽管未示出,手机还可以包括摄像头、蓝牙模块等,在此不再赘述。The mobile phone may further include at least one type of sensor 650 and a power source 690. Although not shown, the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein.
In addition, an embodiment of the present invention further provides a computer storage medium. The medium stores an application program which, when executed, includes some or all of the steps of the version check method described above.
A person skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
As stated above, the foregoing embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (15)

  1. A version check method, comprising:
    obtaining version information of a first version, wherein the version information includes a version number of the first version;
    determining, according to the version number of the first version, a check bit corresponding to the version number of the first version;
    if the check bit corresponding to the version number of the first version is a first value, determining that the first version is disabled and that the check of the first version fails;
    if the check bit corresponding to the version number of the first version is a second value, determining that the first version is available and that the check of the first version passes.
  2. The method according to claim 1, wherein the method further comprises:
    receiving an instruction to disable a second version, wherein the instruction to disable the second version includes a version number of the second version;
    determining, according to the version number of the second version, a check bit corresponding to the version number of the second version;
    setting the check bit corresponding to the version number of the second version to the first value.
  3. The method according to claim 1, wherein
    the check bit corresponding to the version number of the first version is stored in a first field of an electronic fuse (eFuse), and each bit in the first field is used to indicate whether one version is disabled.
  4. The method according to claim 1, wherein
    the check bit corresponding to the version number of the first version is stored in a second field of a flash memory (Flash), and each bit in the second field is used to indicate whether one version is disabled.
  5. The method according to any one of claims 1 to 4, wherein the method further comprises:
    performing signature verification on the version information of the first version;
    when the signature verification passes, performing the step of determining, according to the version number of the first version, the check bit corresponding to the version number of the first version.
  6. The method according to any one of claims 1 to 4, wherein obtaining the version information of the first version comprises:
    receiving an upgrade instruction, and obtaining the version information of the first version according to the upgrade instruction;
    and the method further comprises:
    if the check fails, not upgrading to the first version;
    if the check passes, upgrading to the first version.
  7. The method according to any one of claims 1 to 4, wherein obtaining the version information of the first version comprises:
    receiving a startup instruction to start the first version, and obtaining the version information of the first version according to the startup instruction;
    and the method further comprises:
    when the check of the first version fails, not starting the first version;
    when the check of the first version passes, starting the first version.
  8. A version check apparatus, comprising:
    a version information obtaining module, configured to obtain version information of a first version, wherein the version information includes a version number of the first version;
    a version check module, configured to determine, according to the version number of the first version, a check bit corresponding to the version number of the first version; if the check bit corresponding to the version number of the first version is a first value, to determine that the first version is disabled and that the check of the first version fails; and if the check bit corresponding to the version number of the first version is a second value, to determine that the first version is available and that the check of the first version passes.
  9. The apparatus according to claim 8, wherein the apparatus further comprises:
    a receiving module, configured to receive an instruction to disable a second version, wherein the instruction to disable the second version includes a version number of the second version;
    a check bit updating module, configured to determine, according to the version number of the second version, a check bit corresponding to the version number of the second version, and to set the check bit corresponding to the version number of the second version to the first value.
  10. The apparatus according to claim 8, wherein
    the check bit corresponding to the version number of the first version is stored in a first field of an electronic fuse (eFuse), and each bit in the first field is used to indicate whether one version is disabled.
  11. The apparatus according to claim 8, wherein
    the check bit corresponding to the version number of the first version is stored in a second field of a flash memory (Flash), and each bit in the second field is used to indicate whether one version is disabled.
  12. The apparatus according to any one of claims 8 to 11, wherein the apparatus further comprises:
    a signature verification module, configured to perform signature verification on the version information of the first version, wherein when the signature verification passes, the version check module performs the step of determining, according to the version number of the first version, the check bit corresponding to the version number of the first version.
  13. The apparatus according to any one of claims 8 to 11, wherein
    the version information obtaining module is specifically configured to receive an upgrade instruction and obtain the version information of the first version according to the upgrade instruction;
    and the apparatus further comprises:
    an upgrade module, configured not to upgrade to the first version when the check fails, and to upgrade to the first version when the check passes.
  14. The apparatus according to any one of claims 8 to 11, wherein
    the version information obtaining module is specifically configured to receive a startup instruction to start the first version and obtain the version information of the first version according to the startup instruction;
    and the apparatus further comprises:
    a secure boot module, configured not to start the first version when the check of the first version fails, and to start the first version when the check of the first version passes.
  15. A terminal device, wherein the terminal device comprises a transceiver, a processor, and a memory that are connected to one another;
    the memory is configured to store program code, and the processor invokes the program code in the memory to perform the following operations:
    obtaining version information of a first version, wherein the version information includes a version number of the first version; determining, according to the version number of the first version, a check bit corresponding to the version number of the first version; if the check bit corresponding to the version number of the first version is a first value, determining that the first version is disabled and that the check of the first version fails; if the check bit corresponding to the version number of the first version is a second value, determining that the first version is available and that the check of the first version passes.
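
The check described in claims 1, 2 and 5 to 7, written out in C as an added example (it is not code from the patent or from the applicant). The bit index being equal to the version number, the value 1 meaning "disabled", the 64-bit field size and all identifiers are assumptions; `demo_verify` is a constructed stand-in for a real signature check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not stated in the claims): bit index == version number,
 * "first value" (disabled) == 1, "second value" (available) == 0,
 * and a 64-bit field. */
#define REVOKE_BITS 64u

typedef struct { uint32_t words[REVOKE_BITS / 32u]; } revoke_field_t;

typedef struct {
    uint32_t version;    /* version number carried in the version information */
    const uint8_t *sig;  /* signature over the version information */
    size_t sig_len;
} version_info_t;

typedef enum { VC_PASS, VC_DISABLED, VC_BAD_SIGNATURE, VC_OUT_OF_RANGE } vc_result_t;

/* Hypothetical hook: the platform's real signature verification goes here. */
typedef bool (*sig_verify_fn)(const version_info_t *info);

/* Claim 2: on a "disable version" instruction, set that version's bit.
 * Bits are only ever ORed in, mirroring one-time-programmable fuses. */
bool revoke_version(revoke_field_t *f, uint32_t version)
{
    if (f == NULL || version >= REVOKE_BITS)
        return false;
    f->words[version / 32u] |= (uint32_t)1u << (version % 32u);
    return true;
}

/* Claims 1 and 5: authenticate the version information, then read the bit.
 * Missing arguments are treated like a failed signature (fail closed). */
vc_result_t check_version(const revoke_field_t *f, const version_info_t *info,
                          sig_verify_fn verify)
{
    if (f == NULL || info == NULL || verify == NULL || !verify(info))
        return VC_BAD_SIGNATURE;
    if (info->version >= REVOKE_BITS)
        return VC_OUT_OF_RANGE;  /* fail closed instead of reading past the field */
    uint32_t bit = (f->words[info->version / 32u] >> (info->version % 32u)) & 1u;
    return bit ? VC_DISABLED : VC_PASS;
}

/* Claims 6 and 7: upgrade to or boot the version only when the check passes. */
bool may_install_or_boot(const revoke_field_t *f, const version_info_t *info,
                         sig_verify_fn verify)
{
    return check_version(f, info, verify) == VC_PASS;
}

/* Constructed stand-in for the demo: accepts one fixed 4-byte tag.
 * It is NOT a signature scheme. */
static const uint8_t DEMO_TAG[4] = {0xde, 0xad, 0xbe, 0xef};

bool demo_verify(const version_info_t *info)
{
    if (info->sig == NULL || info->sig_len != sizeof DEMO_TAG)
        return false;
    for (size_t i = 0; i < sizeof DEMO_TAG; i++)
        if (info->sig[i] != DEMO_TAG[i])
            return false;
    return true;
}

int main(void)
{
    revoke_field_t fuses = {{0u, 0u}};
    version_info_t v3 = {3u, DEMO_TAG, sizeof DEMO_TAG};
    printf("before revoke: allowed = %d\n", may_install_or_boot(&fuses, &v3, demo_verify));
    revoke_version(&fuses, 3u);
    printf("after revoke:  allowed = %d\n", may_install_or_boot(&fuses, &v3, demo_verify));
    return 0;
}
```

Checking the signature before the bit lookup matters because the version number is read from the version information itself; an unauthenticated number could simply name a version whose bit is still clear.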
PCT/CN2017/108532 2016-11-15 2017-10-31 Version check method, apparatus and terminal device WO2018090818A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611005776.8 2016-11-15
CN201611005776.8A CN106650460B (en) 2016-11-15 2016-11-15 A kind of edition correcting method, device and terminal device

Publications (1)

Publication Number Publication Date
WO2018090818A1 (en) 2018-05-24

Family

ID=58806825

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/108532 WO2018090818A1 (en) 2016-11-15 2017-10-31 Version check method, apparatus and terminal device

Country Status (2)

Country Link
CN (1) CN106650460B (en)
WO (1) WO2018090818A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110442387A (en) * 2019-07-02 2019-11-12 湖北亿咖通科技有限公司 A kind of the parameter adaptive method, apparatus and automobile of onboard system
CN112181482A (en) * 2020-09-29 2021-01-05 平安科技(深圳)有限公司 Version verification method and device, electronic equipment and storage medium
CN116909810A (en) * 2023-06-30 2023-10-20 南京国电南自电网自动化有限公司 Protection control device with double backup programs and starting method thereof

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106650460B (en) * 2016-11-15 2019-07-19 上海华为技术有限公司 A kind of edition correcting method, device and terminal device
CN109508534A (en) * 2017-09-14 2019-03-22 厦门雅迅网络股份有限公司 Prevent method, the embedded system attacked that degrade by software
CN108008283A (en) * 2017-11-23 2018-05-08 莱克电气股份有限公司 Version number detection system and method
CN109241748A (en) * 2018-11-28 2019-01-18 郑州云海信息技术有限公司 A method of based on software version number identification software loophole
CN109947446A (en) * 2019-02-22 2019-06-28 南京电研电力自动化股份有限公司 A kind of protective device liquid crystal display method of general configurable auto upgrading menu
CN111736859B (en) * 2019-03-25 2023-08-01 成都鼎桥通信技术有限公司 Version updating method of operating system, server and terminal
CN112527341B (en) * 2019-09-19 2024-03-01 合肥杰发科技有限公司 Vehicle system upgrading method, vehicle system and computer storage medium
CN110990249B (en) * 2019-10-11 2023-11-14 平安科技(深圳)有限公司 Code scanning result processing method, device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100100966A1 (en) * 2008-10-21 2010-04-22 Memory Experts International Inc. Method and system for blocking installation of some processes
CN103279700A (en) * 2013-06-08 2013-09-04 北京时代奥视数码技术有限公司 LCD (Liquid Crystal Display) monitor and firmware version verification method thereof
CN103544413A (en) * 2013-10-31 2014-01-29 宇龙计算机通信科技(深圳)有限公司 Method and device for verifying software copyright in intelligent terminal
CN106650460A (en) * 2016-11-15 2017-05-10 上海华为技术有限公司 Version check method and device and terminal equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2548823C (en) * 2002-07-05 2009-01-20 Cyberscan Technology, Inc. Secure game download
US7921303B2 (en) * 2005-11-18 2011-04-05 Qualcomm Incorporated Mobile security system and method
EP1918839A1 (en) * 2006-11-03 2008-05-07 Siemens Aktiengesellschaft Modification of a software version of a control device software for a control device and identification of such a modification
CN102799815B (en) * 2012-06-29 2015-07-29 安科智慧城市技术(中国)有限公司 A kind of method and apparatus of safe loading procedure storehouse
US20140250290A1 (en) * 2013-03-01 2014-09-04 St-Ericsson Sa Method for Software Anti-Rollback Recovery

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110442387A (en) * 2019-07-02 2019-11-12 湖北亿咖通科技有限公司 A kind of the parameter adaptive method, apparatus and automobile of onboard system
CN110442387B (en) * 2019-07-02 2022-05-17 亿咖通(湖北)技术有限公司 Parameter self-adaption method and device of vehicle-mounted system and vehicle
CN112181482A (en) * 2020-09-29 2021-01-05 平安科技(深圳)有限公司 Version verification method and device, electronic equipment and storage medium
CN112181482B (en) * 2020-09-29 2023-03-21 平安科技(深圳)有限公司 Version verification method and device, electronic equipment and storage medium
CN116909810A (en) * 2023-06-30 2023-10-20 南京国电南自电网自动化有限公司 Protection control device with double backup programs and starting method thereof

Also Published As

Publication number Publication date
CN106650460B (en) 2019-07-19
CN106650460A (en) 2017-05-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17871089

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17871089

Country of ref document: EP

Kind code of ref document: A1